National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month and it is an opportunity to engage public and private sector stakeholders - especially the general public - to create a safe, secure, and resilient cyber environment. Everyone has to play a role in cybersecurity. Constantly evolving cyber threats require the engagement of the entire nation — from government and law enforcement to the private sector and most importantly, the public.

Cyberspace is woven into the fabric of our daily lives and the world is more interconnected today than ever before. We enjoy the benefits and convenience that cyberspace provides as we shop from home online, bank using our smart phones, and interact with friends from around the world through social networks. The Department of Homeland Security is committed to raising cybersecurity awareness across the nation and to working across all levels of government, the private sector, and internationally to protect against and respond to cyber incidents.

If your agency is still running Windows XP on its desktop computers, Microsoft has published a new reason to switch to Windows 7 or 8. The company's latest Security Intelligence Report shows XP computers are hit with malware infections at twice the rate of machines running the other OSes. More than nine percent of XP machines were infected through June of this year, versus five percent for Windows 7 and 1.4 percent for Windows 8. Microsoft reports that, overall, fewer computers are encountering malware attacks, so fewer are succumbing to them. The report shows enterprise computers tend to be better protected than individual consumer ones. Microsoft is ending support for Windows XP this coming April.

The National Security Agency is secretly tapping into Yahoo and Google data centers, and accessing much more information than previously thought. The Washington Post broke the news after analyzing more documents taken from the NSA by former analyst Edward Snowden. The revelations raise questions of whether the NSA is breaking federal wiretap laws. In response, the agency says it does not use the method to collect vast quantities of data on Americans. And it says it is not using a presidential order to get around limitations imposed by the Foreign Intelligence Surveillance Act.

Lockheed Martin's Cyber Security Alliance is adding three members. Red Hat, FireEye, and Splunk will join the consortium to "help create intelligence-driven defense products" at the company's NexGen Cyber Innovation and Technology Center. Learn more about how the companies will contribute to the Alliance at FederalNewsRadio.com/InDepth.

Everyone does it. National Intelligence Director James Clapper told Congress that spying on foreign leaders is a two-way street. European allies are guilty of it too. The head of the National Security Agency, General Keith Alexander, said it was the Europeans, not the US, who did a surveillance sweep on phone records overseas. Reuters is reporting that Chinese officials say they'll ramp up information security amid allegations that the National Security Agency is spying on European allies.

President Barack Obama met with a handful of corporate leaders for a personal chat on cybersecurity. Attendees came from the IT, energy and financial worlds. They included CEOs of Lockheed Martin, Northrop Grumman, Intel, Bank of America, Visa and Mastercard. The National Institute of Standards and Technology released a cybersecurity framework last week. It's voluntary. Now the government has to convince industry to adopt it. The public has 45 days to comment.

The Syrian Electronic Army seized control of an online tool used by an advocacy organization for President Obama and redirected links sent from Obama's Twitter and Facebook accounts. The pages carried links that were intended to take readers to a Washington Post story on immigration, but as a result of the hack, redirected readers to a video of the Syrian conflict instead. The hacked link shortener is used by Organizing for Action, a group that evolved from Obama's re-election campaign. Obama's Twitter account itself was not hacked.

A British man is arrested and charged with hacking into computer systems of the Army, NASA and other federal agencies. On Monday, a grand jury indicted a British man and his three partners for stealing information about government employees with the intent of disrupting federal government operations. Lauri Love allegedly hacked thousands of systems including the Missile Defense Agency, the Army Corps of Engineers and the EPA. For almost a year Love was able to infiltrate systems, compromising personal data of military personnel and defense budgets. Prosecutors say the Army's Aberdeen Proving Ground in Maryland was one of the hacked systems. Love faces up to 5 years in prison for each offense.

The Defense Advanced Research Projects Agency, DARPA, is hosting a multi-year competition for fully automatic network defense systems that can evaluate software and root out security threats. DARPA released rules for its Cyber Grand Challenge last week. Applications will be due by June. The final event would be in 2016. The winning team receives two million dollars in cash.

The National Security Agency says its Web site was down for a bit over the weekend. The agency says the system encountered an internal error during a scheduled update. The NSA says the site was NOT hit with a denial-of-service attack, countering speculation on social media.

A British national is free on bail in the UK after being charged by prosecutors there and here in the United States with hacking into thousands of government computers. Twenty-eight-year-old Lauri Love's infiltrations allegedly included systems belonging to the Pentagon, NASA and the EPA. Authorities say the attacks began in October of 2012. He is next due in court in February.

The Army still doesn't know whether its new and growing force of soldiers dedicated to cyber missions is large enough for the task. But it's certain it doesn't have the legal authorities it needs to attract and retain the talent it wants.

European leaders demanded the truth at an EU summit meeting in Brussels as reports of possible US spying on allies continue. The British newspaper the Guardian reports the NSA has monitored the communication of 35 world leaders since 2006. German Chancellor Angela Merkel had stern words for the US. She says Germany and other European allies now need to rebuild trust with the US. European Council President Herman Van Rompuy says France and Germany are planning talks by the end of the year with the US to discuss its national intelligence activities.

Justice Department chief information officer Luke McCormack is heading back to the Homeland Security Department to serve as CIO. He replaces Richard Spires, who left the position in May. President Barack Obama announced his decision to appoint McCormack last night. McCormack previously served as CIO for Immigration and Customs Enforcement and acting director for Customs and Border Patrol's Infrastructure Services Division. He's also expected to continue his role leading the information security and identity management committee at the federal CIO Council.

As business practices, information technology and cybersecurity threats become more industry-agnostic, competition across and between industries for cybersecurity professionals will remain fierce, says Earl Crane, former member of the White House National Security Staff. Though professionals will be in short supply for years to come, increased mobility among industries and government will bring a leveling of common cybersecurity skills across the profession.

A glitch in Verizon's customer web portal back in August exposed federal employees' text message histories to the public, Threatpost reports. Verizon's web app is supposed to check that the number entered into the app actually belongs to the customer. Attackers could type any phone number into Verizon's customer portal and download the target account's SMS history, but not the content of the messages. Verizon says it addressed the bug when a non-government customer pointed it out to them.

More international leaders are voicing their concern with US intelligence activities. French newspaper Le Monde reports the NSA collected more than 70 million French telephone records in a 30-day period. Now, the French government says it wants a discussion on personal data protection at the European Union Summit that begins today. National Intelligence Director James Clapper denies the allegations in a recent statement. He says the U.S. has no plans to discuss its national intelligence activities. German Chancellor Angela Merkel complained to President Barack Obama yesterday after she received information the NSA may be tapping her cell phone.

The National Institute of Standards and Technology has released a draft of voluntary cybersecurity standards for companies. The core functions: Identify. Protect. Detect. Respond. And Recover. The framework defines a set of best practices and provides a tool to help organizations plot their strategies. The departments of Homeland Security, Commerce, and Treasury are reviewing the draft.

Command Sgt. Maj. Rodney Harris, the senior enlisted advisor at Army Cyber Command, said the Army is doing a good job at finding the right soldiers with the necessary skill sets to become cyber warriors.

NIST issues the industry-developed final draft approach to help critical infrastructure providers secure their computer systems. The agency is accepting comments over the next couple of months and will issue a version 1.0 of the framework in February. Industry offered mixed reactions to the framework. Some said it's too broad while others said it provides a set of agreed-upon basic cyber protections.